SasanLabs / VulnerableApp

OWASP VulnerableApp Project: For Security Enthusiasts by Security Enthusiasts.
https://sasanlabs.github.io/VulnerableApp/
Apache License 2.0

Adding CSRF vulnerability #329

Open preetkaran20 opened 2 years ago

preetkaran20 commented 2 years ago

Is your feature request related to a problem? Please describe.
Currently VulnerableApp doesn't contain any session-related vulnerabilities; however, the backend and frontend frameworks can now support them, so in this issue we are looking to add a CSRF vulnerability.

Describe the solution you'd like
We can create a cookie whose key name is the level concatenated with the vulnerability type, as that is a unique combination.

How to approach and Definition of Done
The way to approach the problem is:

  1. Finding the use case, so we are looking for a real-life use case where CSRF is found. Maybe an easier approach to find the use case is looking at other vulnerable applications like DVWA, bWAPP or Juice Shop. Or you can also search bug bounties for CSRF.
  2. Planning for at least 2-3 vulnerable implementations and 1-2 secure implementations.

The definition of done includes:

  1. A user interface based on the template design of VulnerableApp
  2. Backend implementations of 2-3 vulnerable levels and 1-2 secure levels
  3. If needed, use the embedded DB, which is H2

AlexisOsmont commented 1 year ago

Hello, I represent my group; we are in a Master's degree in cybersecurity, and our final project is to contribute to some security issues on open-source projects. I would like to contribute to this issue. Is it still open/available? Thank you.

preetkaran20 commented 1 year ago

Hi @AlexisOsmont ,

Thanks for looking to contribute to this issue, and yes, this issue is open and available. To start, I would suggest curating the list of vulnerability levels you are looking to add, and then let's discuss them. (A small doc would be really helpful.)

Regards, Karan

AlexisOsmont commented 1 year ago

Hi again @preetkaran20 ,

We've seen that there is already an unmerged branch. Would you like us to work on this to finish the work based on your comments? If the answer is yes, could you give us the changes that you want, please?

Regards, @AlexisOsmont, @zgzorx.

preetkaran20 commented 1 year ago

Hi @AlexisOsmont @Zgzorx,

The unfinished PR is https://github.com/SasanLabs/VulnerableApp/pull/364, and PR https://github.com/SasanLabs/VulnerableApp/pull/357 has all the comments.

The major conversation is at https://github.com/SasanLabs/VulnerableApp/pull/357/files/6cb5db77aa19f550b30567e7a8247ebc18797c8f#r820378181. You can follow from there onwards and please let me know if you need more information.

thanks, Karan

Zgzorx commented 1 year ago

Hi !

We managed to set the HttpOnly cookie on level 3; we would like to be sure: does it need to be set on the higher levels or not?

Regards

preetkaran20 commented 1 year ago

@Zgzorx yes, HttpOnly should be set for all the higher levels. I would also suggest including the other cookie flags that OWASP recommends, to make it more secure for the higher levels, if possible.